PKB

Lies, Damned Lies and Microsoft Security Marketing

November 30th, 2007 | Category: Mozilla

So it’s one thing to publish a misleading report comparing the security of Internet Explorer and Firefox (ignoring days of risk, time to patch and automated updates), and it’s another thing to paint said report by a Microsoft employee as an unbiased third party study by not disclosing who authored it. (Even on clickthrough of the link on the IE Blog, it isn’t clear who Jeff Jones is, just that he’s posting to “CSO, the Resource for Security Executives.”)

From today’s IE Blog:

“According to a vulnerability report published today, IE7 has fewer vulnerabilities than previous versions of IE over the same time period.”

That should really say:

“According to a vulnerability report published today by Microsoft Security Strategy Director Jeff Jones, IE7 has fewer vulnerabilities than previous versions of IE over the same time period.”

We’ll have more to share on how wrong Jeff’s study is in just a bit on the Mozilla Security blog, but for now, I’d like to encourage our friends at Microsoft to practice responsible disclosure when they issue propagandist literature and portray it as the god’s honest truth. Guys: you are giving marketing a bad name, and you’re misleading your readers.

Updated 12/1/07: Here’s our side of the story.

ieblog post on security

22 Comments so far

  1. Asa Dotzler - Firefox and more November 30th, 2007 3:49 pm

    according to microsoft employee, microsoft is better…

    Nice catch Paul!……

  2. Bill November 30th, 2007 3:49 pm

    It may be true in the way they wrote it. They didn’t compare it with other company browser statistics (only previous versions of IE; they don’t even say which previous versions) and they never said if they were using public counts of vulnerabilities or just the ones they “knew” about.

    It is entirely possible that IE7 has less bugs that they know about than IE6 did (or 5 or 4 or whatever the compared it to). There isn’t a way to tell MS about the IE7 bugs and it is a more mature product with very little actual new functionality; it should be expected to have fewer bugs.

  3. Paul Kim November 30th, 2007 4:22 pm

    @Bill - the report specifically calls out Firefox, not just previous versions of IE.

  4. Bill November 30th, 2007 6:06 pm

    ok, sorry after reading the report I want to puke. It is hard to imagine someone actually pushing that garbage. Note that the IEblog post doesn’t say anything about firefox, merely stating that IE7 is better than previous versions of IE. It is only the report from “Jeff Jones” (a person I must admit I have never heard of before and whose statistics skills are rather diminished).

  5. Apples, Oranges, and the truth · Get Latest Mozilla Firefox Browsers November 30th, 2007 7:59 pm

    [...] vulnerabilities in the first year than the other browsers we compared.” Paul has already pointed out that this report was generated by a Microsoft employee, but not explicitly disclosed as [...]

  6. Shameless bias about IE security at sprignaturemoves.com November 30th, 2007 9:01 pm

    [...] this article about the first year of IE7 in one of the feeds I read.  Nothing like a sneaky plug by a Microsoft employee on a Microsoft product.  Stuff like this is what flame wars are made [...]

  7. n-blue December 1st, 2007 5:58 am

    Better you give a prove of what you believe rather than uncivillized title. Don’t being just for marketing, but showing off your data. Then people can weight. Isn’t it better?

    Btw, to note, Firefox is poor and the worse browser when render Thai font. Even Safari is better than Firefox.

  8. Diego December 1st, 2007 4:31 pm

    Doesn’t this in the IEBlog post point to the fact that the “report” was an internally produced at Microsoft?

    “According to internal Microsoft research based on data from Visual Sciences Corporation”

  9. jmdesp December 2nd, 2007 3:12 am

    @n-blue: Try Fx 3 beta. You’ll see that Fx Thai language problems are corrected in it.

  10. fidibert December 2nd, 2007 4:00 pm

    ‘Guys: you are giving marketing a bad name, and you’re misleading your readers.’
    ROFLMAO
    What part of ‘marketing’ didn’t you understand?

  11. n-blue December 2nd, 2007 10:18 pm

    @jmdesp
    I and my friends (Fx fanboy and supporter) did test Fx3. It fixed only with line-break. There is other two bugs that need to fix.
    1. Fx call the first font in system if you have new font installed then you’re nearly unable to read the page with Thai font. (Picture on first link will tell, it happend even with Google search page).
    2. People called it justify bug. You will see it when you run Fx on Vista. This bug arrange or render Thai in terrible way.

    These two bug still left in the last beta of Fx3.

  12. CableGuy December 3rd, 2007 5:36 am

    Wow! One more great Microsoft study.

  13. TheXBlog » Browser-Sicherheit: Streit zwischen Microsoft und Mozilla December 3rd, 2007 8:55 am

    [...] ist. Unter anderem an dieser Tatsache regt sich Unmut beim Mozilla-Team. So beklagt sich Paul Kim, Vice President des Marketing-Bereichs bei Mozilla, dass dem Leser des Blog-Eintrags von Microsoft [...]

  14. Mio December 3rd, 2007 9:27 am

    What about testing Linux and Firefox versus Michrosoft Windows and Microsoft Internet Explorer?

  15. SitePoint Blogs » Microsoft and Mozilla Disagree on Browser Security December 4th, 2007 9:17 pm

    [...] Kim, who pointed out that the report Microsoft was citing was actually prepared by Microsoft, in Lies, Damned Lies, and Microsoft Security Marketing: That should really [...]

  16. Crake2012 December 5th, 2007 8:53 pm

    @filbert
    thank you.

    http://www.youtube.com/watch?v=gDW_Hj2K0wo

  17. Guia do PC » Mozilla rebate elogios ao Internet Explorer 7 December 6th, 2007 3:46 am

    [...] turma do Firefox são a estagnação do programa (da versão 6 para a 7, foram-se seis anos), e a credibilidade da pesquisa que, segundo o texto original do IEBlog, aponta que o IE 7 teve menos falhas em seu primeiro ano do [...]

  18. Maar wat vinden de gebruikers er nou ZELF van? - Doe Niet Zo Moeilijk! December 6th, 2007 9:20 am

    [...] hoeveel mensen dat ding al gebruiken en hoeveel phishing attempts er zijn tegengehouden en andere vertekende statistieken. Dat is natuurlijk belangrijker dan, pak em beet, zorgen dat het kreng een beetje goed overweg kan [...]

  19. n-blue December 6th, 2007 12:57 pm

    I just realized I forgot the links showing what I mentioned above.
    a) Firfox pick up the first font it found on system. If you have custom installed font, you will see some thing like this.
    http://n-blue.nblogz.net/firefox-extreamly-good/

    b) People call it justify bug. It can not render Thai correctly on Vista PC. Firefox arrange the word to nearly unable to understand how it was spell.
    http://n-blue.nblogz.net/small-but-great-advantage-of-vista/

    This is not for blaming but need to be fixed.

  20. David Tan December 8th, 2007 10:47 pm

    IE is simply the crappiest browser created, period.

  21. n-blue | Firefox 2 vs. Internet Explorer 7: Security December 15th, 2007 5:42 am

    [...] ถัดจากนั้น Paul Kim การตลาดของ Mozilla ออกมางอแงโวยวายว่า IE โกหก ตั้งแต่แรกเริ่ม Firefox [...]

  22. MICROSPLOT February 5th, 2008 12:50 am

    Anything but Speechless: 100 Things People Are Really Saying About Windows Vista…

    Microsoft's web site offers us "100 Reasons You'll Be Speechless" over Windows Vista. Quoth the copy: "Using Windows Vista for the first time may leave you searching for words".

Leave a reply